Now that we are all getting used to GDPR, you have probably seen mailing lists advertised with the reassuring words “GDPR Compliant Data”. But what does it mean for b2b mailing list data to be GDPR compliant?
- The mailing list has to be current and up-to-date. The new General Data Protection Regulation does not define ‘current’. Electric Marketing is taking the view that our mailing lists, verified by telephone two or three times a year, qualify as being current.
- If the mailing list contains personal information, and names and company email addresses which contain a person’s name do count as personal information, every person on the list must be informed that they are on the mailing list and be informed of the extent of the information held by the data owner. This is not the same as consent, but a mailing list owner should contact the data subject and give them the opportunity to opt out. Unlike consumer marketing where consent is required, business-to-business marketing remains an opt-out regime.
- Data must have been collected lawfully ie data must not be stolen and must have been collected for the purpose it is being used for eg data subjects should not be told that their email address will be used for research purposes only to be sent sales and marketing emails.
So now you know what to expect of a reputable mailing list supplier. My next blog covers the steps that you, the user of bought-in b2b email lists, must take when running a GDPR compliant email marketing campaign.
Have You Invested In an eMailing List which is GDPR Compliant?
After the deluge of permissioning emails around GDPR, many people are acutely aware of which emails they have signed up to receive and which requests for permission they denied or ignored.
This means that slack marketers can no longer rely on the short memory of a target by writing something like this:
“You are receiving this email as you have subscribed in the past to receive information about our events. If you wish to update your email preferences or unsubscribe, please click the link below”.
Yes this statement is doing the right thing by offering an unsubscribe but post-GDPR this sort of email sign off is increasingly being called out by targets.
A little white lie claiming that the prospect is receiving emails because they have ‘previously signed up’ or ‘enquired in the past’ when the marketer bought in an email list and the company has no previous relationship with the data subject does not enhance your campaign. In the post-GDPR age, very few people are falling for this anymore.
I have seen this at the bottom of a few emails this month:
“This email was sent to you as a corporate subscriber within the meaning of the Privacy and Electronic Communications Regulations 2003. Your personal data are protected under the General Data Protection Regulation and Data Protection Act 2018. If you would like to know how and why you have received this message, please visit our information page.”
Electric Marketing is signing off its emails with this:
“As a GDPR compliant company, we would like to explain why you have received this email. We believe that you have a need for business marketing data within your business. We have identified your email address as being an appropriate point of contact within your organisation. This represents legitimate interest in line with the ICO’s guidance. Our Privacy Notice is available here”
Like the new regulation, our statement is a bit clunky but as we all get used to what GDPR means for business-to-business marketing, this will no doubt become shorter and snappier over time.